Re: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]

From: Kurt Seifried (bugtraq@seifried.org)
Date: 02/23/02


From: "Kurt Seifried" <bugtraq@seifried.org>
To: <bugtraq@securityfocus.com>, "Tommaso Di Donato" <t.didonato@sicurweb.it>
Date: Sat, 23 Feb 2002 14:30:29 -0700

Most vendors ship it with ACLs enabled. Red Hat, for example, has a comment
to the effect of "add your network here", so you need to define the network
and then create a rule to allow it (otherwise only localhost is allowed by
default to use Squid, reasonably safe). Can't automatically use http_port; I
mean, is 192.168.0.1 "outside" (depending on your network it could be)? What
about 2.3.4.5 or 5.6.7.8? An acceptable solution in my opinion. Plus some of
us do allow the Internet at large to connect and use the proxy, once they've
authenticated of course.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

> I love Squid, and yes, default Squid configuration solves this problem...
> But if you want a secure proxy, you have to change the parameter http_port
> to listen only to your internal IP address!!! Default config is:
> http_port 0.0.0.0
> so anyone from the internet can use your proxy (I found a lot of servers so
> configured!!!!). Change it to
> http_port 192.168.1.254 #private IP
>
> My 0.02...
>
> Tommaso Di Donato
>


